diff --git a/api/admin.js b/api/admin.js
new file mode 100644
index 0000000..3a70f6b
--- /dev/null
+++ b/api/admin.js
@@ -0,0 +1,133 @@ +/* +This file contains all the endpoints which are accessible only to the admin. +The endpoints are +GET /users +POST /users +PUT /users +DELETE /users +NOTE: +The above users endpoints are not present in this file as they are all the users +endpoints this API has, they are present in a separate file, users.js +All those still come under the ADMIN endpoints + +PUT /topics +DELETE /topics +DELETE /articles +*/ + + +// Importing the topics model +var Topics = require('../models/topic.js'); +var Articles = require('../models/article.js'); + +var db = require('../db.js'); //this file contains the knex file import. it's equal to knex=require('knex') + +module.exports = function(app) { + + app.put('/topics',function(req,res){ + /* + This is a PUT endpoint for updating a topic information. + It takes the id of the topic to be updated and then updates it with the new object. + the error key in the returning object is a boolen which is false if there is no error and true otherwise + + TODO: Add updates only for columns that are in the request body. Handle exceptions. + */ + Topics.forge({id: req.body.id}) + .save({name: req.body.name, description: req.body.description}) + .then(function(topic) { + res.json({ + error: { + error: false, + message: '' + }, + code: 'B125', + data: topic + }); + }) + .catch(function (error) { + res.status(500).json({ + error: { + error: true, + message: error.message + }, + code: 'B126', + data: { + + } + }); + }); + }); + + + app.delete('/topics',function(req,res){ + /* + This is a DELETE endpoint for delete a complete topic from the database. + It takes the id of the topic and then delete that record from the database. 
+ the error key in the returning object is a boolen which is false if there is no error and true otherwise + */ + + Topics.forge({id: req.body.id}) + .destroy() + .then(function() { + res.json({ + error: { + error: false, + message: '' + }, + code: 'B127', + data: { + + } + }); + }) + .catch(function (error) { + res.status(500).json({ + error: { + error: true, + message: error.message + }, + code: 'B128', + data: { + + } + }); + }); + }); + + + app.delete('/articles',function(req,res){ + /* + This is a DELETE endpoint for delete a complete article from the database. + It takes the id of the article and then deletes that record from the database. + the error key in the returning object is a boolen which is false if there is no error and true otherwise + */ + + Articles.forge({id: req.body.id}) + .destroy() + .then(function() { + res.json({ + error: { + error: false, + message: '' + }, + code: 'B109', + data: { + + } + }); + }) + .catch(function (error) { + res.status(500).json({ + error: { + error: true, + message: error.message + }, + code: 'B110', + data: { + + } + }); + }); + }); + +} diff --git a/api/articles.js b/api/articles.js index cf4cfae..32271c5 100644 --- a/api/articles.js +++ b/api/articles.js @@ -146,41 +146,6 @@ module.exports = function(app){ }); - app.delete('/articles',function(req,res){ - /* - This is a DELETE endpoint for delete a complete article from the database. - It takes the id of the article and then deletes that record from the database. - the error key in the returning object is a boolen which is false if there is no error and true otherwise - */ - - Articles.forge({id: req.body.id}) - .destroy() - .then(function() { - res.json({ - error: { - error: false, - message: '' - }, - code: 'B109', - data: { - - } - }); - }) - .catch(function (error) { - res.status(500).json({ - error: { - error: true, - message: error.message - }, - code: 'B110', - data: { - - } - }); - }); - }); - app.get('/articles/compare',function(req,res){ /* 
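Review bot: None of the three handlers in api/admin.js checks that `req.body.id` is present before calling `Topics.forge({id: req.body.id})` or `Articles.forge({id: req.body.id})`; with Bookshelf a model whose id is undefined is treated as new, so the PUT /topics handler's `.save({...})` inserts a fresh topic instead of updating one, and the two `.destroy()` calls depend on how the ORM treats a missing id rather than on an explicit decision in this code. Add a guard at the top of each handler, e.g. `if (req.body.id == null) return res.status(400).json({ error: { error: true, message: 'id is required' }, code: '<TODO: unused B-code>', data: {} });`. Every `.catch` also sends `error.message` verbatim to the client, which exposes ORM/database error text; log the error server-side and return a fixed message instead. `var db = require('../db.js')` is never used in this file and can be dropped.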
diff --git a/api/topics.js b/api/topics.js index 5876bda..b69f235 100644 --- a/api/topics.js +++ b/api/topics.js @@ -76,78 +76,6 @@ module.exports = function(app) { }); - app.put('/topics',function(req,res){ - /* - This is a PUT endpoint for updating a topic information. - It takes the id of the topic to be updated and then updates it with the new object. - the error key in the returning object is a boolen which is false if there is no error and true otherwise - - TODO: Add updates only for columns that are in the request body. Handle exceptions. - */ - Topics.forge({id: req.body.id}) - .save({name: req.body.name, description: req.body.description}) - .then(function(topic) { - res.json({ - error: { - error: false, - message: '' - }, - code: 'B125', - data: topic - }); - }) - .catch(function (error) { - res.status(500).json({ - error: { - error: true, - message: error.message - }, - code: 'B126', - data: { - - } - }); - }); - }); - - - app.delete('/topics',function(req,res){ - /* - This is a DELETE endpoint for delete a complete topic from the database. - It takes the id of the topic and then delete that record from the database. - the error key in the returning object is a boolen which is false if there is no error and true otherwise - */ - - Topics.forge({id: req.body.id}) - .destroy() - .then(function() { - res.json({ - error: { - error: false, - message: '' - }, - code: 'B127', - data: { - - } - }); - }) - .catch(function (error) { - res.status(500).json({ - error: { - error: true, - message: error.message - }, - code: 'B128', - data: { - - } - }); - }); - }); - - - app.get('/topic/:id/articles',function(req,res){ /* This is a GET endpoint that responds with the list of all the articles that belong to a particular topic (topic of given id param) diff --git a/index.js b/index.js index 20bf3ab..5c8815f 100644 --- a/index.js +++ b/index.js 
@@ -11,6 +11,7 @@ var bodyParser = require('body-parser'); //body parser to parse the request body var db = require('./db.js'); //this file contains the knex file import. it's equal to knex=require('knex') var app = express(); var apiRoutes = express.Router(); +var apiRoutesAdmin = express.Router(); var jwt = require('jsonwebtoken'); var misc = require('./misc.js'); var config = require('./config'); //config file in the app directory which contains the JWT key @@ -74,6 +75,66 @@ apiRoutes.use(function(req, res, next) { } }); + +apiRoutesAdmin.use(function(req, res, next) { + + // check header or url parameters or post parameters for token + var token = req.body.token || req.query.token || req.headers['x-access-token']; + + // decode token + if (token) { + // verifies secret and checks for expiration + jwt.verify(token, app.get('superSecret'), function(err, decoded) { + if (err) { + return res.json({ + error: { + error: true, + message: 'Failed to authenticate token' + }, + code: 'B101', + data: { + + } + }); + } else { + if(decoded.id == 1) { + // if everything is good, save to request for use in other routes + req.decoded = decoded; + next(); + } + else { + return res.status(403).json({ + error: { + error: true, + message: 'You are not authorized to perform this action' + }, + code: 'BNOTADMIN', + data: { + + } + }); + } + } + }); + + } else { + // if there is no token + // return an error + return res.status(403).json({ + error: { + error: true, + message: 'No token provided' + }, + code: 'B102', + data: { + + } + }); + + } +}); + + // Importing all endpoints for articles require('./api/articles')(apiRoutes); 
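Review bot: The admin check `if(decoded.id == 1)` in the new `apiRoutesAdmin.use` middleware grants admin rights by a hard-coded user id with loose equality, so a token whose `id` claim is the string `"1"` also passes; use strict comparison, `if (decoded.id === 1) {`, and preferably derive the admin decision from an explicit role claim or a database lookup rather than the literal `1`. The `if (err)` branch replies with `return res.json({` and therefore HTTP 200 for a token that failed verification, while the no-token branch below returns 403; change it to `return res.status(401).json({`. Reading the token from `req.query.token` means it can end up in server and proxy access logs, a trait this middleware shares with the existing `apiRoutes.use` handler whose end is the context at the top of the hunk. Most of this block duplicates that handler; extracting a shared verify-token helper that takes a predicate on `decoded` would keep the two checks from drifting apart.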
@@ -81,12 +142,17 @@ require('./api/articles')(apiRoutes); require('./api/topics')(apiRoutes); // Importing all endpoints for users -require('./api/users')(apiRoutes); +require('./api/users')(apiRoutesAdmin); // Importing all endpoints for archives require('./api/archives')(apiRoutes); +// Importing all endpoints which are only admin accessible +require('./api/admin')(apiRoutesAdmin); + + app.use('/api', apiRoutes); +app.use('/api', apiRoutesAdmin); app.use(express.static(__dirname + '/client'));
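Review bot: Both routers are mounted at the same prefix, `app.use('/api', apiRoutes);` followed by `app.use('/api', apiRoutesAdmin);`, so Express consults `apiRoutes` first for every `/api` request and a path registered on both routers is answered by `apiRoutes` without ever reaching the admin middleware; the commit relies on the removals in api/topics.js and api/articles.js to avoid that, and nothing in index.js enforces it. Add a comment above the second mount, `// Mounted after apiRoutes: any path also registered on apiRoutes is served there and bypasses the admin check`. Mounting the admin router under a distinct prefix would make the separation explicit, but that changes the public paths and is a larger decision.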